Author: markt Date: Wed Feb 4 09:31:02 2015 New Revision: 1657041 URL: http://svn.apache.org/r1657041 Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=57180 Additional fix. Do not attempt to enumerate valid HTTP methods.
Modified: tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java Modified: tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java?rev=1657041&r1=1657040&r2=1657041&view=diff ==============================================================================
--- tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java (original)
+++ tomcat/trunk/java/org/apache/catalina/filters/CorsFilter.java Wed Feb 4 09:31:02 2015
@@ -338,8 +338,7 @@ public final class CorsFilter implements
 // Section 6.2.3
 String accessControlRequestMethod = request.getHeader(
 CorsFilter.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_METHOD);
- if (accessControlRequestMethod == null ||
- !HTTP_METHODS.contains(accessControlRequestMethod.trim())) {
+ if (accessControlRequestMethod == null) {
 handleInvalidCORS(request, response, filterChain);
 return;
 } else {
@@ -623,7 +622,7 @@ public final class CorsFilter implements
 requestType = CORSRequestType.INVALID_CORS;
 } else {
 String method = request.getMethod();
- if (method != null && HTTP_METHODS.contains(method)) {
+ if (method != null) {
 if ("OPTIONS".equals(method)) {
 String accessControlRequestMethodHeader =
 request.getHeader(
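Review bot: With the `HTTP_METHODS` test gone, the guard `if (accessControlRequestMethod == null)` in the first hunk lets an empty or whitespace-only `Access-Control-Request-Method` value through, where the old condition rejected it at this point. Rejection of such a value now appears to rest on a later comparison against the configured allowed methods; that comparison, the `else` branch and the rest of the preflight handler are outside the hunk, so this should be confirmed. I would record the dependency next to the guard with a comment such as `// Method tokens are not enumerated here (BZ 57180); the allowed-methods comparison is the only gate on this header.` If an explicit early rejection is preferred, `if (accessControlRequestMethod == null || accessControlRequestMethod.trim().isEmpty()) {` keeps blank values on the invalid-CORS path without reintroducing a method list.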
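Review bot: In the second hunk `if (method != null)` is now the only condition before request-type classification, so any extension or unrecognised method token enters the chain that begins with `"OPTIONS".equals(method)`. The branch that receives a method matching none of the explicit comparisons is outside this hunk; it should be confirmed that it produces a request type whose handling still compares the method with the configured allowed list, rather than one that is treated as a simple request. A comment on the condition would document the new contract, for example `// Any method token is classified; enforcement is left to the configured allowed methods.`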
@@ -1030,14 +1029,13 @@ public final class CorsFilter implements /** * {@link Collection} of HTTP methods. Case sensitive. - * - * @see <a href="http://tools.ietf.org/html/rfc2616#section-5.1.1" - * >http://tools.ietf.org/html/rfc2616#section-5.1.1</a> - * + * @deprecated Not used. Will be removed in Tomcat 9.0.x onwards. */ + @Deprecated public static final Collection<String> HTTP_METHODS = new HashSet<>(Arrays.asList("OPTIONS", "GET", "HEAD", "POST", "PUT", "DELETE", "TRACE", "CONNECT")); + /** * {@link Collection} of Simple HTTP methods. Case sensitive. * --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
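Review bot: `HTTP_METHODS` remains a `public static final` reference to a plain `HashSet`, so any code in the same JVM can add or remove entries for as long as the field stays in the API. The new `@deprecated` text says the filter no longer uses it, which limits the impact, but wrapping the initialiser as `Collections.unmodifiableSet(new HashSet<>(Arrays.asList(...)))` is cheap and avoids leaving a mutable global behind (the file's import block is not visible here, so `Collections` may need importing). The collection whose Javadoc begins at the end of this hunk may be declared the same way and, if it is still read for CORS decisions, matters more; its declaration is outside the hunk.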